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What is claimed is : 

1 A Jacobian group element adder, which is an arithmetic 
unit for executing addition in a Jacobian group of an 
algebraic curve defined by a polynomial defined over a 
5 finite field that is 

Y 3 + a 0 X 4 + a iXY 2 + a 2 X 2 Y+ a 3 X 3 + a 4 Y 2 + a 5 XY+ a 6 X 2 + a 7 Y+ a 8 X+ a 9 

or 

Y 2 + a 0 X 5 + a iX 2 Y+ a 2 X 4 + a 3 XY+ a 4 X 3 + a 5 Y+ a 6 X 2 + a 7 X+ a 8 
or 

10 Y 2 + a 0 X 7 + a iX 3 Y+ a 2 X 6 + a 3 X 2 Y+ a 4 X 5 + a 5 XY+ a 6 X 4 + a 7 Y+ a 8 X 3 + a 9 X 2 + a 

said Jacobian group element adder comprising: 

means for inputting an algebraic curve parameter file 
having an order of a field of definition, a monomial order, 
15 and a coefficient list described as a parameter 
representing said algebraic curve; 

means for inputting Groebner bases I x and I 2 of ideals 
of the coordinate ring of the algebraic curve designated 
by said algebraic curve parameter file, said Groebner 
20 bases representing elements of said Jacobian group; 

ideal reduction means for, in the coordinate ring of 
the algebraic curve designated by said algebraic curve 
parameter file, performing arithmetic of producing a 
Groebner basis J of the ideal which is a product of the 
25 ideal that the Groebner basis Ii generates, and the ideal 
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that the Groebner basis I 2 generates; 

first ideal reduction means for f in the coordinate 
ring of the algebraic curve designated by said algebraic 
curve parameter file, performing arithmetic of producing 
a Groebner basis J* of the ideal, which is smallest in the 
monomial order designated by said algebraic curve 
parameter file among the ideals equivalent to an inverse 
ideal of the ideal that the Groebner basis J generates; 
and 

second ideal reduction means for, in the coordinate 
ring of the algebraic curve designated by said algebraic 
curve parameter file, performing arithmetic of producing a 
Groebner basis J** of the ideal, which is smallest in the 
monomial order designated by said algebraic curve 
parameter file among the ideals equivalent to an inverse 
ideal of the ideal that the Groebner basis J* generates, 
to output it. 

2 The Jacobian group element adder according to claim 1, 
wherein said ideal composition means has: 

linear-relation derivation means for, for a plurality 
of vectors v if v 2 , and v n that were input, outputting a 
plurality of vectors 

{mi=(mi,i,mi,2,...rnii,n) ,m 2 = (m 2 ,i,m 2 , 2 , m 2 , n ) , representing 
linear dependence relations 
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2imj,iVi=0 ( j=l, 2 , ...) of all of them employing a discharging 
method; 

an ideal type table that is composed of a record 
number field, an ideal type number field, an order field, 
5 and an ideal type field; 

a monomial list table that is composed of the record 
number field, the order field, and a monomial list field; 

a table for a Groebner basis construction that is 
composed of the record number field, the order field, a 
10 component number list field, a first vector type field, a 
second vector type field, and a third vector type field; 

ideal type classification means for acquiring said 
algebraic curve parameter file to make a reference to said 
ideal type table for each of Groebner bases Ii and I2 that 
15 were input, to retrieve a record in which the ideal type 

described in the ideal type field accords with the type of 
an input ideal I ± (i=l,2), and to acquire a value N ± of the 
ideal type number field and a value d ± of the order field 
of the retrieved record; 
20 monomial vector generation means for calculating a sum 

d 3 =di+d 2 of said values di and d 2 of said order field to 
make a reference to said monomial list table for 
retrieving a record R of which a value of the order field 
is said d 3 , to acquire a list Mi, M 2 , ... of the monomial 
25 described in said monomial list field of said record R, 



- 114 - 

» » 



when Ii and I 2 are different, to calculate a remainder 
equation ri of dividing each said monomial M± by Ii, to 
generate a vector w (1) i that is composed of coefficients of 
the remainder equation r± according to the monomial order 
5 described in said algebraic curve parameter file, 
furthermore to calculate a remainder equation Si of 
dividing Mi by I 2 , to generate a vector w U) 2 that is 
composed of coefficients of the remainder equation s± 
according to the monomial order described in an algebraic 

10 curve parameter file A, to connect the above-mentioned two 
vectors w (i) i and w (i> 2 for generating a vector v ±/ also, 
when Ii and I 2 are equal, to calculate a remainder 
equation r± of dividing each said monomial Mi by I x , to 
generate a vector w {i) i that is composed of coefficients of 

15 the remainder equation ri according to the monomial order 
described in said algebraic curve parameter file, 
furthermore to construct a defining polynomial F employing 
the coefficient list and the monomial order described in 
said algebraic curve parameter file, when a differential 

20 of a polynomial M with regard to by its X is expressed by 
D X (M), and a differential of the polynomial M with regard 
to by its Y is expressed by D Y (M), to calculate a 
remainder equation s± of dividing a polynomial D x (Mi)D Y (F)- 
D y (Mi) D x (F) by Ii, to generate a vector w U) 2 that is 

25 composed of coefficients of the remainder equation s± 
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according to the monomial order described in said 
algebraic curve parameter file, and to connect the above- 
mentioned two vectors w U) i and w U) 2 for generating a vector 
v±; and 

5 basis construction means for inputting said plurality 

of said vectors vi, v 2/ ... into said linear-relation 
derivation means, to acquire a plurality of vectors mi, m 2 , 
... as an output, to make an reference to said table for a 
Groebner basis construction for retrieving a record R 2 , of 

10 which a value of the order field is said value d 3 , and in 
which a vector of which the components that correspond to 
all component numbers described in the component number 
list field are all zero does not lie in said plurality of 
said vectors mi, m 2 , to select a vector m that accords 

15 with a first vector type of said record R 2 from among said 
plurality of said vectors mi, m 2 , to generate a 

polynomial fi of which the coefficient is a value of a 
component of the vector m according to the monomial order 
described in said algebraic curve parameter file, 

20 hereinafter, similarly, to generate a polynomial f 2 

employing a vector that accords with a second vector type, 
and also a polynomial f 3 employing a vector that accords 
with a third vector type, to obtain a set J= {fi,f 2 ,fs} of 
the polynomial, and to output it as said Groebner basis J. 
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3 The Jacobian group element adder according to one of 
claim 1 and claim 2, wherein each of said first and said 
second ideal reduction means has: 

linear-relation derivation means for, for a plurality 
of vectors Vi, v 2 , and v n that were input, outputting a 

plurality of vectors 

{mi=(mi,i r mi,2r.»rnii, n ) , m 2 = (m 2/ i,m 2/2 , iti 2 ,n) ,♦••} representing 
linear dependence relations 

£im jt i vi=0 ( j=l, 2, ...) of all of them employing a discharging 
method ; 

. an ideal type table that is composed of the record 
number field, the ideal type number field, a reduction 
order field, and the ideal type field; 

a monomial list table that is composed of the record 
number field, the order field, and the monomial list 
field; 

a table for a Groebner basis construction that is 
composed of the record number field, the order field, the 
component number list field, the first vector type field, 
the second vector type field, and the third vector type 
field; 

ideal type classification means for acquiring said 
algebraic curve parameter file to make a reference to said 
ideal type table, to retrieve a record in which the ideal 
type described in the ideal type field accords with the 
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type of an input ideal J, to acquires a value N of the 
ideal type number field and a value d of the reduction 
order field of the retrieved record; 

polynomial vector generation means for, when said d is 
zero, outputting the input ideal J as said Groebner basis 
J* , when said d is not zero, to make a reference to said 
monomial list table for retrieving a record R of which a 
value of the order field is said d, to acquire a list Mi, 
M 2 , ... of the monomial described in the monomial list field 
of said record R, to construct a defining polynomial F 
employing the coefficient list and the monomial order 
described in said algebraic curve parameter file, to 
acquire a first polynomial f, a second polynomial g, and a 
third polynomial h of the input ideal J, to calculate a 
remainder equation ri of a product M ± • g of each said 
monomial M± and the polynomial g by the polynomials f and 
F, to generate a vector w u, i that is composed of 
coefficients of the remainder equation r± according to the 
monomial order described in said algebraic curve parameter 
file, furthermore to calculate a remainder equation si of 
a product Mi * h of each said monomial M± and the polynomial 
h by the polynomials f and F, to generate a vector w (1) 2 
that is composed of coefficients of the remainder equation 
si according to the monomial order described in said 
algebraic curve parameter file, and to connect the above- 
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mentioned two vectors w (1) i and w U) 2 for generating a 
vector vi; 

and basis construction means for inputting said 
plurality of said vectors vi, v 2 ,... into said linear- 
5 relation derivation means, to obtain a plurality of 
vectors mi, m 2 , ... as an output, to make a reference to 
said table for a Groebner basis construction for 
retrieving a record R 2 of which a value of the order field 
is said value d, and in which a vector of which the 

10 components that correspond to all component numbers 

described in the component number list field are all zero 
does not lie in said plurality of said vectors mi, m 2 , 
to select a vector m that accords with a first vector type 
of said record R 2 from among said plurality of said 

15 vectors mi, m 2 , to generate a polynomial f x of which a 

coefficient is a value of the component of the vector m 
according to the monomial order described in said 
algebraic curve parameter file, hereinafter, similarly, to 
generate a polynomial f 2 employing the vector that accords 

20 with a second vector type, and also a polynomial f 3 

employing the vector that accords with a third vector type, 
to obtain a set {fi,f 2 ,f3l of the polynomial, and to output 
it as said Groebner basis J* or J**. 

25 4 A record medium having a program recorded for causing 
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an information processing unit configuring an arithmetic 
unit for executing addition in a Jacobian group of an 
algebraic curve defined by a polynomial defined over a 
finite field that is 
5 Y 3 + a 0 X 4 + a iXY 2 + a 2 X 2 Y+ a 3 X 3 + a 4 Y 2 + a 5 XY+ a 6 X 2 + a 7 Y+ a 8 X+ a 9 
or 

Y 2 + a 0 X 5 + a iX 2 Y+ a 2 X 4 + a 3 XY+ a 4 X 3 + a 5 Y+ a 6 X 2 + a 7 X+ a 8 
or 

Y 2 + a 0 X 7 + a iX 3 Y+ a 2 X 6 + a 3 X 2 Y+ a 4 X 5 + a 5 XY+ a 6 X 4 + a 7 Y+ a 8 X 3 + a 9 X 2 + a 

10 ioX+an to perform: 

a process of inputting an algebraic curve parameter 
file having an order of a field of definition, a monomial 
order, and a coefficient list described as a parameter 
representing said algebraic curve; 

15 a process of inputting Groebner bases Ii and I 2 of 

ideals of the coordinate ring of the algebraic curve 
designated by said algebraic curve parameter file, said 
Groebner bases representing an element of said Jacobian 
group; 

20 an ideal composition process of, in the coordinate 

ring of the algebraic curve designated by said algebraic 
curve parameter file, performing arithmetic of producing a 
Groebner basis J of an ideal which is a product of the 
ideal that the Groebner basis Ii generates, and an ideal 

25 that the Groebner basis I 2 generates; 
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a first ideal reduction process of, in the coordinate 
ring of the algebraic curve designated by said algebraic 
curve parameter file, performing arithmetic of producing a 
Groebner basis J* of the ideal, which is smallest in the 
monomial order designated by said algebraic curve 
parameter file among the ideals equivalent to an inverse 
ideal of the ideal that the Groebner basis J generates; 
and 

a second ideal reduction process of, in the coordinate 
ring of the algebraic curve designated by said algebraic 
curve parameter file, performing arithmetic of producing a 
Groebner basis J** of the ideal, which is smallest in the 
monomial order designated by said algebraic curve 
parameter file among the ideals equivalent to an inverse 
ideal of the ideal that the Groebner basis J* generates, 
to output it, said record medium being readable by said 
information processing unit. 

5 The record medium according to claim 4, said record 
medium having a program recorded for causing said 
information processing unit to further perform in said 
ideal composition process: 

a linear-relation derivation process of, for a 
plurality of vectors vi, v 2 , and v n that were input, 

outputting a plurality of vectors 
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{mi=(mi / i,mi,2,...,mi, n ) , m 2 = (m 2 , 1, m 2 , 2 , m 2 , n ) , -} representing 
linear dependence relations 

£±nij,i vi=0 ( j=l, 2, ...) of all of them employing a discharging 
method; 

5 . an ideal type classification process of acquiring said 

algebraic curve parameter file to make a reference to an 
ideal type table, which is composed of a record number 
field, an ideal type number field, an order field, and an 
ideal type field, for each of Groebner bases Ii and I 2 

10 that were input, to retrieve a record in which the ideal 
type described in the ideal type field accords with the 
type of an input ideal I ± (i=l,2), and to acquire a value 
Ni of the ideal type number field and a value d± of the 
order field of the retrieved record; 

15 a monomial vector generation process of calculating a 

sum d 3 =di+d 2 of said values di and d 2 of said order field to 
make a reference to a monomial list table, which is 
composed of the record number field, the order field, and 
a monomial list field, for retrieving a record R of which 

20 a value of the order field is said d 3 , to acquire a list 
Mi, M 2 , ... of the monomial described in said monomial list 
field of said record R, when Ii and I 2 are different, to 
calculate a remainder equation ri of dividing each said 
monomial Mi by Ii, to generate a vector w (1) i that is 

25 composed of coefficients of the remainder equation n 
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according to the monomial order described in said 
algebraic curve parameter file, furthermore to calculate a 
remainder equation Si of dividing M± by I 2 , to generate a 
vector w {i) 2 that is composed of coefficients of the 
5 remainder equation si according to the monomial order 
described in an algebraic curve parameter file A, to 
connect the above-mentioned two vectors w (IL) i and w (ZL) 2 for 
generating a vector v i7 also, when I x and I 2 are equal, to 
calculate a remainder equation r± of dividing each said 
10 monomial M ± by Ii, to generate a vector w u) x that is 

composed of coefficients of the remainder equation ri 
according to the monomial order described in said 
algebraic curve parameter file, furthermore to construct a 
defining polynomial F employing the coefficient list and 
15 the monomial order described in said algebraic curve 

parameter file, when a differential of a polynomial M with 
regard to by its X is expressed by D X (M), and a 
differential of the polynomial M with regard to by its Y 
is expressed by D Y (M), to calculate a remainder equation 
20 si of dividing a polynomial D x (M ± ) D Y ( F) -D Y (Mi ) D x ( F) by Ii, 

to generate a vector w (i) 2 that is composed of coefficients 
of the remainder equation s± according to the monomial 
order described in said algebraic curve parameter file, 
and to connect the above-mentioned two vectors w U) i and 
25 w (i) 2 for generating a vector v ± ; and 
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a basis construction process of obtaining a plurality 
of vectors mi, m 2 , ... output in said linear-relation 
derivation process, to make an reference to a table for a 
Groebner basis construction, which is composed of the 
5 record number field, the order field, a component number 
list field, a first vector type field, a second vector 
type field, and a third vector type field, for retrieving 
a record R2, of which a value of the order field is said 
value d3, and in which a vector of which the components 

10 that correspond to all component numbers described in the 
component number list field are all zero does not lie in 
said plurality of said vectors mi, m 2 , to select a 

vector m that accords with a first vector type of said 
record R 2 from among said plurality of said vectors mi, m 2 , 

15 to generate a polynomial fi of which the coefficient is 

a value of a component of the vector m according to the 
monomial order described in said algebraic curve parameter 
file, hereinafter, similarly, to generate a polynomial f 2 
employing a vector that accords with a second vector type, 

20 and also a polynomial f 3 employing a vector that accords 
with a third vector type, to obtain a set J= {fi,f 2 ,f3l of 
the polynomial, and to output it as said Groebner basis J. 

6 The record medium according to one of claim 4 and claim 
25 5, said record medium having a program recorded for 
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causing said information processing to further perform in 
each of said first and second ideal reduction processes: 

a linear-relation derivation process of, for a 
plurality of vectors v L , v 2 , and v n that were input, 

5 outputting a plurality of vectors 

{mi= (mi, i, mi, 2 , ...,mi, n ) rm 2 = (m 2 ,i, m 2 , 2 , ...,m 2 , n ) , ...} representing 
linear dependence relations 

2imj,i v ± =0 ( j = l, 2, ...) of all of them employing a discharging 
method ; 

10 an ideal type classification process of acquiring said 

algebraic curve parameter file to make a reference to a 
ideal type table, which is composed of the record number 
field, the ideal type number field, a reduction order 
field, and the ideal type field, to retrieve a record in 

15 which the ideal type described in the ideal type field 

accords with the type of an input ideal J, and to acquire 
a value N of the ideal type number field and a value d of 
the reduction order field of the retrieved record; 

a polynomial vector generation process of, when said d 

20 is zero, outputting the input ideal J as said Groebner 

basis J*, when said d is not zero, to make a reference to 
a monomial list table, which is composed of the record 
number field, the order field, and the monomial list field, 
for retrieving a record R of which a value of the order 

25 field is said d, to acquire a list Mi, M 2 , ... of the 
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monomial described in the monomial list field of said 
record R, to construct a defining polynomial F employing 
the coefficient list and the monomial order described in 
said algebraic curve parameter file, to acquire a first 
5 polynomial f, a second polynomial g, and a third 
polynomial h of the input ideal J, to calculate a 
remainder equation r± of a product Mi • g of each said 
monomial M± and said polynomial g by the polynomials f and 
F, to generate a vector w U) i that is composed of 

10 coefficients of the remainder equation r± according to the 
monomial order described in said algebraic curve parameter 
file, furthermore to calculate a remainder equation s± of 
a product M± • h of each said monomial Mi and the polynomial 
h by the polynomials f and F, to generate a vector w (ZL) 2 

15 that is composed of coefficients of the remainder equation 
si according to the monomial order described in said 
algebraic curve parameter file, and to connect the above- 
mentioned two vectors w (i) x and w (1) 2 for generating a 
vector vi; and 

20 a basis construction process of obtaining a plurality 

of vectors mi, m 2 , ... output in said linear-relation 
derivation process to make a reference to a table for a 
Groebner basis construction, which is composed of the 
record number field, the order field, the component number 

25 list field, the first vector type field, the second vector 
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type field, and the third vector type field, for 
retrieving a record R 2 of which a value of the order field 
is said value d, and in which a vector of which the 
components that correspond to all component numbers 
described in the component number list field are all zero 
does not lie in said plurality of said vectors mi, m 2 , 
to select a vector m that accords with a first vector type 
of said record R 2 from among said plurality of said 
vectors m x , m 2 , to generate a polynomial fi of which a 

coefficient is a value of the component of the vector m 
according to the monomial order described in said 
algebraic curve parameter file, hereinafter, similarly, to 
generate a polynomial f 2 employing the vector that accords 
with a second vector type, and also a polynomial f 3 
employing the vector that accords with a third vector type, 
to obtain a set {fi,f 2 ,f3l of the polynomial, and to output 
it as said Groebner basis J* or J**. 



